testing the beta version of the Fedora 33 distribution. The beta release marked the transition to the final stage of testing, in which only critical bug fixes are allowed. Release at the end of October. Issue covers , Fedora Server, Fedora Silverblue, Fedora IoT and Live builds shipped in the form with KDE Plasma 5, Xfce, MATE, Cinnamon, LXDE and LXQt desktop environments. Builds are prepared for x86_64, ARM (Raspberry Pi 2 and 3), ARM64 (AArch64) and Power architectures.
Most significant in Fedora 33:
- All desktop distributions (Fedora Workstation, Fedora KDE, etc.) have been moved to use the Btrfs file system by default. Using the built-in Btrfs partition manager will solve problems with running out of free disk space when mounting the / and /home directories separately. With Btrfs, these partitions can be placed in two subpartitions, mounted separately, but using the same disk space. Btrfs will also allow features such as snapshots, transparent data compression, correct I/O isolation via cgroups2, and on-the-fly resizing of partitions.
- Fedora Workstation updated to release , which has been optimized for performance, offered an introductory interface (Welcome Tour) with information about the main features of GNOME, expanded parental controls, provided the ability to assign different screen refresh rates for each monitor, added an option to ignore the connection of unauthorized USB devices during screen lock .
- Fedora Workstation ships with Thermald by default to monitor temperature sensors and protect the CPU from overheating during peak loads.
- By default, animated desktop wallpapers are enabled, in which the color changes depending on the time of day.
- Instead of vi, the nano text editor is offered by default. The change is driven by a desire to make the distribution more accessible to beginners by providing an editor that can be used by anyone with no specific knowledge of Vi editor methods. At the same time, the delivery of the vim-minimal package has been retained in the base composition (the direct call to vi has been preserved) and the ability to change the default editor to vi at the request of the user has been provided.
- Among the official editions of the distribution is accepted (Fedora IoT), which now ships alongside Fedora Workstation and Fedora Server. The Fedora IoT edition is based on the same technologies that are used in , ΠΈ , and offers a system environment truncated to a minimum, which is updated atomically by replacing the image of the entire system, without breaking it into separate packages. To control the integrity, the entire system image is digitally signed. To separate applications from the main system use isolated containers (podman is used for management).
The Fedora IoT system environment is formed using technology , in which the system image is atomically updated from a Git-like repository, which allows you to apply version control methods to the components of the distribution (for example, you can quickly roll back the system to a previous state). RPM packages are translated into the OSTree repository using a special layer . Ready builds for x86_64, Aarch64 and ARMv7 architectures (armhfp). support for Raspberry Pi 3 Model B/B+, 96boards Rock960 Consumer Edition, Pine64 A64-LTS, Pine64 Rockpro64 and Rock64 and Up Squared boards, as well as x86_64 and aarch64 virtual machines.
- The KDE desktop edition of Fedora has the earlyoom background process enabled by default, which was introduced with Fedora Workstation in the last release. Earlyoom allows you to more quickly respond to a lack of memory, without reaching the call of the OOM (Out Of Memory) handler in the kernel, which is triggered when the situation becomes critical and the system, as a rule, no longer responds to user actions. If the amount of available memory is less than 4%, but not more than 400 MiB, earlyoom will forcefully terminate the process that consumes the most memory (which has the highest /proc/*/oom_score value), without bringing the system state to clear system buffers.
- Many packages have been updated, including RPM 4.16, Python 3.9, Perl 5.32, Binutils 2.34, Boost 1.73, Glibc 2.32, Go 1.15, Java 11, LLVM/Clang 11, GNU Make 4.3, Node.js 14, Erlang 23, LXQt 0.15.0. 6.0, Ruby on Rails 2.1.0, Stratis 2.6. Support for Python 3.4 and Python 64 has been dropped. The aarchXNUMX architecture ships with .NET Core.
- Support for the mod_php module for the Apache http server has been discontinued, instead of which it is proposed to use php-fpm to run PHP web applications.
- Bundled with Firefox for Fedora patches for hardware acceleration of video decoding using VA-API (Video Acceleration API) and FFmpegDataDecoder, which is included, among other things, in sessions based on WebRTC technology used in web applications for video conferencing. The acceleration works in Wayland and X11 based environments (when running "MOZ_X11_EGL=1 firefox" and enabling the "media.ffmpeg.vaapi.enabled" setting).
- The chrony precise time synchronization server and client and the installer include support for the NTS (Network Time Security) authentication mechanism.
- In Wine by default a backend based on the DXVK layer that provides an implementation of DXGI (DirectX Graphics Infrastructure), Direct3D 9, 10 and 11, working through call translation to the Vulkan API.
Unlike Wine's built-in Direct3D 9/10/11 implementations that run on top of OpenGL, DXVK allows for better performance when running 3D applications and games in Wine. - When building packages by default optimization at the linking stage (LTO, Link Time Optimization). Added "-flto" option to redhat-rpm-config.
- To resolve DNS queries by default systemd-resolved. Glibc has been migrated to nss-resolve from the systemd project instead of the built-in NSS module nss-dns.
Systemd-resolved performs functions such as maintaining settings in the resolv.conf file based on DHCP data and static DNS configuration for network interfaces, supports DNSSEC and LLMNR (Link Local Multicast Name Resolution). Among the advantages of switching to systemd-resolved is support for DNS over TLS, the ability to enable local caching of DNS queries, and support for binding different handlers to different network interfaces (depending on the network interface, a DNS server is selected to access, for example, for VPN interfaces DNS queries will be sent via VPN). DNSSEC is not planned for Fedora (systemd-resolved will be built with the DNSSEC=no flag).
To disable systemd-resolved, you can deactivate the systemd-resolved.service and restart NetworkManager, which will create the traditional /etc/resolv.conf. - In NetworkManager to store settings instead of ifcfg-rh plugin file in keyfile format.
- For ARM64 systems assembly of packages using pointer authentication (Pointer Authentication) and protection against the execution of instruction sets that should not be branched (BTI, Branch Target Indicator). These mechanisms are effective for protecting against attacks using return-oriented programming (ROP) techniques, in which the attacker does not try to place his code in memory, but operates with pieces of machine instructions already available in loaded libraries, ending with a control return instruction.
- Carried out to simplify the implementation of the boot menu selective display technology, in which the menu is hidden by default and is shown only after a crash or activation of an option in GNOME.
- Instead of creating a traditional swap partition placement of swap (swap) using a zRAM block device that provides data storage in RAM in a compressed form.
- background process (Storage Instantiation Daemon) for monitoring the status of devices in various storage subsystems (LVM, multipath, MD) and calling handlers when certain events occur, for example, to activate and deactivate devices. SID works on top of udev and responds to events from it, allowing you to get rid of the creation of complicated udev rules for interacting with various classes of devices and storage subsystems that are difficult to maintain and debug.
- RPM Package Database (rpmdb) from BerkeleyDB to SQLite. The main reason for the change is that rpmdb uses an outdated version of Berkeley DB 5.x that has not been maintained for several years. Upgrading to newer releases is hindered by the license change from Berkeley DB 6 to AGPLv3, which also applies to applications that use BerkeleyDB in library form (RPM comes under GPLv2, and AGPL is incompatible with GPLv2). In addition, the current BerkeleyDB-based rpmdb implementation does not provide the necessary reliability, as it does not use transactions and is not able to detect inconsistencies in the database.
Source: opennet.ru